hwc-realtime-streaming
Implement real-time Hotwire behavior: Turbo Streams over WebSocket/SSE, custom stream actions, inline stream tags, live list updates, and cross-tab state synchronization. Prefer this skill when the core problem is push-based updates or stream action orchestration. Use hwc-navigation-content for pull-based pagination/tab/lazy-navigation flows, hwc-forms-validation for form lifecycle and validation, hwc-media-content for media upload/playback behavior, hwc-ux-feedback for generic loading/progress/transitions, and hwc-stimulus-fundamentals for non-stream Stimulus fundamentals.
89
86%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.80). The skill includes runtime flows that consume untrusted external content — for example references/2024-03-12-hotwire-combobox-with-real-time-data.md shows connecting to an external WebSocket (data-external-websocket-url-value / wss://example.com/ws) and parsing incoming JSON to update the UI, and other references (e.g., references/2023-10-10-turbo-streams-custom-stream-actions.md and references/2023-08-01-turbo-streams-inline-stream-tags.md) show executing server-sent or appended <turbo-stream> elements and attributes from responses, all of which are untrusted third-party inputs that can materially influence client behavior.
- Repository
- lucianghinda/superpowers-ruby
- Commit
cb03f92
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.